Then all the coins should move to the new chain automatically in order to get the QC security? I guess it would be better if that is done for all SIMcoins, rather than having 2 different chains running simultaneously.

You're right, my question was silly. I am confused regarding QC attack types and what damage they could do. E.g. QC can brute force a private key or damage the whole chain (e.g. by a 51% mining attack in the case of PoW coins)?

I was just wondering whether the QC security could be automatically applied sometime in the future, in the form of a security update or patch. I guess all users would like to have that patch (can't see a reason for a user to decline) without any action from their side. Could that be done with the bit reservation approach?

Also, regarding the crosschain approach: I was thinking about a hypothetical situation where one holder does not use SIM or check for updates in tech for years. In that case he might not switch to the new QC-resistant chain early enough. Could that happen at all?

Yes, this could happen. Unfortunately, there is no solution for this. If signatures are broken - anyone can claim the money.

And we can't move coins automatically, because we cannot generate new accounts for owners without knowing new keys - this is something they must do themselves.

A Reddit comment said (I don't know if any of this information is correct) that hashes are at least to some degree QC-resistant. That would mean that Bitcoin should be partly QC-resistant if addresses are not reused and public keys are not revealed. Supposedly Satoshi's coins are QC-vulnerable if he doesn't move them because in the early days block rewards were paid to public keys instead of hashes.

Also in Nxt Account Control there is a planned feature where revealing a hash from a chain of hashes authorizes a transaction. This also seems to provide QC-resistance.

But this QC-stuff doesn't seem like something worth worrying about at the moment.

Yes, hashes are safe. With Bitcoin there's still a risk if somebody intercepts your tx, then cracks the signature and sends the money to himself. Especially if RBF is still active.

I thought about adding an AC feature that would require a hash, but there's a problem - anyone in transit will be able to intercept your tx and redirect funds to his own account. I don't know how NXT plans to solve this...

We could add QC-resistant signatures to AC later, but at that point it's probably better to just do the split.

I thought about adding an AC feature that would require a hash, but there's a problem - anyone in transit will be able to intercept your tx and redirect funds to his own account. I don't know how NXT plans to solve this...

It seems to need both a signature and a hash to work. Anyway the motivation given for that feature is two-factor authentication, not QC-resistance.
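The hash-chain idea and the binding problem raised in the posts above, as an added sketch that is not code from this thread, from SIM or from Nxt: `HashOnlyAccount`, `build_chain`, the seed and the account names are all hypothetical, constructed values. It shows that a revealed preimage works only once, and that a hash-only rule never looks at the transaction it authorizes, which is why a signature is needed alongside it.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_chain(seed: bytes, length: int) -> list:
    """Return [h(seed), h(h(seed)), ...]; the last element is the public anchor."""
    chain = [h(seed)]
    for _ in range(length - 1):
        chain.append(h(chain[-1]))
    return chain

class HashOnlyAccount:
    """Hypothetical rule: a tx is authorized by revealing the anchor's preimage."""
    def __init__(self, anchor: bytes):
        self.anchor = anchor

    def authorize(self, tx: dict, reveal: bytes) -> bool:
        # tx is never inspected: the reveal is not tied to recipient or amount.
        if h(reveal) != self.anchor:
            return False
        self.anchor = reveal  # step down the chain, so each reveal works once
        return True

def demo() -> dict:
    chain = build_chain(b"constructed-owner-seed", 4)
    owner_tx = {"to": "ACCOUNT-A", "amount": 10}    # constructed sample tx
    altered_tx = {"to": "ACCOUNT-B", "amount": 10}  # same reveal, other recipient
    reveal = chain[-2]                              # preimage of the anchor

    # Case 1: an altered copy carrying the owner's reveal reaches the verifier first.
    first = HashOnlyAccount(chain[-1])
    altered_accepted = first.authorize(altered_tx, reveal)
    owner_after_altered = first.authorize(owner_tx, reveal)

    # Case 2: normal use; a wrong value fails, successive preimages succeed.
    second = HashOnlyAccount(chain[-1])
    wrong_reveal = second.authorize(owner_tx, h(b"guess"))
    owner_ok = second.authorize(owner_tx, reveal)
    next_ok = second.authorize(owner_tx, chain[-3])
    return {"altered_accepted": altered_accepted,
            "owner_after_altered": owner_after_altered,
            "wrong_reveal": wrong_reveal,
            "owner_ok": owner_ok, "next_ok": next_ok}

if __name__ == "__main__":
    print(demo())
```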